Portable data storage devices such as laptops, thumb drives, Blackberries and iPods are now a permanent part of the corporate data landscape. Sensitive corporate data and intellectual property is residing on these devices, which, if lost, could present a serious liability to companies. Here are some best practices for encrypting data on these devices.
Centralize policy creation and control
Encryption software for mobile devices should support encryption policies that administrators can centrally create and manage to ensure mobile users don't circumvent corporate policies. Centennial Software Ltd.'s Devicewall and GuardianEdge Technologies Inc.'s Device Control and Removable Storage Encryption products can encrypt data and provide centralized encryption policy management for portable storage devices.
Encryption software should include a discovery and reporting component so companies can quantify how much, and what, data is stored on portable devices, as well as what the potential risk is if loss or theft occurs. Products from Tablus Inc. and Vontu Inc. identify data being copied to devices and can prevent or audit those activities.
Encryption key creation
Formulate encryption policies that force mobile users to create and use complex encryption keys, or use third-party software that creates and manages the encryption keys for them. Devicewall and GuardianEdge tie into Active Directory, through which companies can create policies for the creation and management of user encryption keys.
Restrict data storage on new mobile devices
New portable storage devices from digital cameras to iPods are capable of storing hundreds of gigabytes of data in unencrypted formats. Short term, create policies that restrict users from storing data on these devices; longer term, implement products that encrypt data stored to these mobile devices and adhere to corporate encryption key generation and management policies.
This article first appeared in Storage magazine. Click here for the entire article.